MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57ac6c1b68ef05a8f3bd369220e3552646483a87fc8ff3dd20175f56239aec55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 57ac6c1b68ef05a8f3bd369220e3552646483a87fc8ff3dd20175f56239aec55
SHA3-384 hash: 197ca8285d6bc932a8b01b414a1bcbb25436968cb91e8affd2001dd13989d7b71f4aba8c37952fc03ea1cac6650b1da5
SHA1 hash: b191f827404551e2743d865cafa65ee54c36d651
MD5 hash: d9c1ec3cf58d11f478b2360425081526
humanhash: oranges-harry-video-emma
File name: SOA for May.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-17 05:39:38 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:XPCganNT66+AMGVD14s9eQtNvHwjUP6hbtuHLbZOCPEReJKe4krwPAfXFfJNISLO:tanl5nZD1cQ3Hwj/b6b0hHPAfx1qRH
TLSH: 9E4512E0A76150E7E84141B104B5AE27876FAD1E2EA1DF8F775D3AA97F33382580E403
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: box.airrepcirinc.com
Sending IP: 192.119.111.198
From: Nitesh Chaudhary <info@airrepcirinc.com>
Subject: RE: Re: SOA for May 2020
Attachment: SOA for May.img (contains "SOA for May.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delikle
Status: Malicious
First seen: 2020-06-17 05:41:05 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
File: img 57ac6c1b68ef05a8f3bd369220e3552646483a87fc8ff3dd20175f56239aec55 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments